Privacy Manual :Deleted
From Privacy Manual
'Structure of privacy within the Department'
The Departments privacy reporting structure sees informal and formal reporting between business units Privacy Coordinators and the Senior Privacy Advisor located within Executive Services. The Senior Privacy Advisor reports to the Manager of FOI & Privacy Coordination who reports to the Director Executive Services who in turn reports to the Executive Director, Corporate Services and subsequently to the Secretary. This reporting structure is reflected in the Diagram below. Each business unit assigns an individual responsible for privacy issues. This person is required to act as a liaison between the business unit and the Senior Privacy Advisor on privacy matters. This structure ensures that accountability for privacy remains with business units who manage on a day to day basis individuals personal and health information. This also ensures privacy issues are considered throughout the Department which reflects the fact that personal and health information flows everywhere within our organisation. Privacy Coordinators located throughout the Department are able to alert the Senior Privacy Advisor and managers to emerging privacy issues and call on additional resources to prevent small issues from becoming major issues.
The Privacy Coordinator is responsible for:
• organising and delivering privacy training to staff within their business unit; • Responding to privacy questions from both staff and the public; • Responding to complaints and coordinating the Business Unit's response in the event of a complaint to the Privacy Commissioner; • Identifying privacy issues in the Business Unit and raising these regularly with Business Unit Managers and staff; • Attending Privacy Co-ordinator meetings and training; • Maintaining and updating their knowledge of privacy issues, developments and guidelines relevant to your Business Unit; • Participating in the privacy impact assessment process, privacy compliance audits and reviews as required; • Maintaining a professional relationship with Executive Services including the return of quarterly monthly statistics by the due date; • Forwarding requests for access to personal information to the Freedom of Information Group, Executive Services; and • Performing the role of Privacy Co-ordinator in such a way that is consistent with the Departments’s guidelines and policies in relation to privacy which can be found on J-NET>Our Business>Knowledge Management>Information Privacy
What a Privacy Coordinator does in performing these responsibilities:
• Categorise information in your business unit. Information will either be personal, health, or sensitive. Refer to section 3 (Definitions) contained in the IPA and HRA. • Be familiar with the 10 IPPs and 11 HPPs. Refer to the FAQs Privacy Legislation: Information Privacy Principles available from J-NET>Our Business>Knowledge Management>Information Privacy>FAQs • Understand your business units regular disclosures to external agencies. Make sure any information released complies with IPP2/HPP2. Always ensure staff make a written record of disclosures to law enforcement agencies. See section 2 of this manual for standard wording. • ensure all forms in use have a privacy collection statement. A collection statement generator has been developed and included in section 2 of this manual. • Examine your security arrangements. Make sure you have storage, transfer and disposal systems for paper and electronic records. Folders on shared drives should have appropriate access controls. For example your business units human resource records should not be accessible to all. • Display privacy posters and materials. The Department and the Privacy and Health Services Commissioners have various privacy promotional materials available. • Follow procedures for complaint handling. Refer to the Guideline for Complaint handling and the Protocol for handling Commissioner correspondence in section 4 of this manual. • Review and evaluate privacy compliance. Periodically check whether staff are complying with privacy policies. Understand that when there is a complaint or incident there may need to be changes to policies or procedures. • Complete the prescribed reporting form J-NET>Our Business>Knowledge Management>Information Privacy> Forms , every quarter, which captures the level of privacy activity across the DOJ. The forms are to be returned to the Senior Privacy Advisor by emailing privacy@justice.vic.gov.au.
